Made MTTR example be flexible with the field to group by as parameter

Author: slavikm

client/incident.go

@@ -22,6 +22,9 @@ type Attachment struct {
 	Description string `json:"description"`
 }
 
+// CustomFields ...
+type CustomFields map[string]interface{}
+
 // Incident details.
 // An incident can be opened by us algorithmically or arrive from an external source like SIEM.
 // If you add fields, make sure to add them to the mapping as well
@@ -74,6 +77,8 @@ type Incident struct {
 	DueDate time.Time `json:"dueDate,omitempty"`
 	// Should we automagically create the investigation
 	CreateInvestigation bool `json:"createInvestigation"`
+	// This field must have empty json key
+	CustomFields `json:""`
 }
 
 type idVersion struct {

mttr/mttr.go

@@ -5,7 +5,9 @@ import (
 	"flag"
 	"fmt"
 	"os"
+	"reflect"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/demisto/tools/client"
@@ -16,6 +18,7 @@ var (
 	password = flag.String("p", "", "Password to login to the server")
 	server   = flag.String("s", "", "Demisto server URL")
 	filter   = flag.String("f", "status:=2 and closed:>"+defaultStartDate(), "Filter for the mttr query")
+	group    = flag.String("g", "owner", "Which field to group by")
 	output   = flag.String("o", "mttr.csv", "Output csv file path")
 )
 
@@ -79,22 +82,50 @@ func main() {
 			continue
 		}
 		delta := incidents.Data[i].Closed.Sub(incidents.Data[i].Created)
-		owner := incidents.Data[i].OwnerID
-		if owner == "" {
-			owner = "dbot"
+		field := incidents.Data[i].OwnerID
+		if *group == "owner" {
+			if field == "" {
+				field = "dbot"
+			}
+		} else {
+			found := false
+			val := reflect.ValueOf(incidents.Data[i])
+			typ := val.Type()
+			for i := 0; i < typ.NumField(); i++ {
+				tag := typ.Field(i).Tag
+				jsonTag := tag.Get("json")
+				if jsonTag == *group || strings.Title(*group) == typ.Field(i).Name {
+					field = val.FieldByName(typ.Field(i).Name).String()
+					found = true
+					break
+				}
+			}
+			if !found {
+				for k, v := range incidents.Data[i].CustomFields {
+					if k == *group {
+						field = fmt.Sprintf("%v", v)
+						found = true
+						break
+					}
+				}
+			}
+			// If not found then it will default to owner
+			if !found {
+				field = ""
+			}
 		}
-		if _, ok := mttr[owner]; ok {
-			mttr[owner]["incidents"] = mttr[owner]["incidents"] + 1
-			mttr[owner]["total"] = mttr[owner]["total"] + int64(delta)
+		if _, ok := mttr[field]; ok {
+			mttr[field]["incidents"] = mttr[field]["incidents"] + 1
+			mttr[field]["total"] = mttr[field]["total"] + int64(delta)
 		} else {
-			mttr[owner] = map[string]int64{"incidents": 1, "total": int64(delta)}
+			mttr[field] = map[string]int64{"incidents": 1, "total": int64(delta)}
 		}
 	}
 	f, err := os.Create(*output)
 	check(err)
 	defer f.Close()
 	w := csv.NewWriter(f)
-	w.Write([]string{"Analyst", "Incidents", "MTTR"})
+	w.Write([]string{strings.Title(*group), "Incidents", "MTTR"})
 	for k, v := range mttr {
 		w.Write([]string{k, strconv.FormatInt(v["incidents"], 10), strconv.FormatInt(int64(time.Duration(v["total"]/v["incidents"]).Minutes()), 10)})
 	}